[thirdparty/systemd.git] / man / systemd-journal-upload.service.xml

<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
<!-- SPDX-License-Identifier: LGPL-2.1+ -->

<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
          xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-journal-upload.service</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-journal-upload.service</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-journal-upload.service</refname>
    <refname>systemd-journal-upload</refname>
    <refpurpose>Send journal messages over the network</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>systemd-journal-upload.service</filename></para>
    <cmdsynopsis>
      <command>/usr/lib/systemd/systemd-journal-upload</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
      <arg choice="opt" rep="repeat">SOURCES</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-journal-upload</command> will upload journal entries to the URL specified
    with <option>--url=</option>. This program reads journal entries from one or more journal files,
    similarly to
    <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    Unless limited by one of the options specified below, all journal entries accessible to the user
    the program is running as will be uploaded, and then the program will wait and send new entries
    as they become available.</para>

    <para><filename>systemd-journal-upload.service</filename> is a system service that uses
    <command>systemd-journal-upload</command> to upload journal entries to a server. It uses the
    configuration in
    <citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
    At least the <varname>URL=</varname> option must be specified.</para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <variablelist>
      <varlistentry>
        <term><option>-u</option></term>
        <term><option>--url=<optional>https://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
        <term><option>--url=<optional>http://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>

        <listitem><para>Upload to the specified
        address. <replaceable>URL</replaceable> may specify either
        just the hostname or both the protocol and
        hostname. <constant>https</constant> is the default.
        The port number may be specified after a colon (<literal>:</literal>),
        otherwise <constant>19532</constant> will be used by default.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--system</option></term>
        <term><option>--user</option></term>

        <listitem><para>Limit uploaded entries to entries from system
        services and the kernel, or to entries from services of
        current user. This has the same meaning as
        <option>--system</option> and <option>--user</option> options
        for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
        neither is specified, all accessible entries are uploaded.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-m</option></term>
        <term><option>--merge</option></term>

        <listitem><para>Upload entries interleaved from all available
        journals, including other machines. This has the same meaning
        as <option>--merge</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-D</option></term>
        <term><option>--directory=<replaceable>DIR</replaceable></option></term>

        <listitem><para>Takes a directory path as argument. Upload
        entries from the specified journal directory
        <replaceable>DIR</replaceable> instead of the default runtime
        and system journal paths. This has the same meaning as
        <option>--directory=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--file=<replaceable>GLOB</replaceable></option></term>

        <listitem><para>Takes a file glob as an argument. Upload
        entries from the specified journal files matching
        <replaceable>GLOB</replaceable> instead of the default runtime
        and system journal paths. May be specified multiple times, in
        which case files will be suitably interleaved. This has the same meaning as
        <option>--file=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--cursor=</option></term>

        <listitem><para>Upload entries from the location in the
        journal specified by the passed cursor. This has the same
        meaning as <option>--cursor=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--after-cursor=</option></term>

        <listitem><para>Upload entries from the location in the
        journal <emphasis>after</emphasis> the location specified by
        the this cursor.  This has the same meaning as
        <option>--after-cursor=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>

        <listitem><para>Upload entries from the location in the
        journal <emphasis>after</emphasis> the location specified by
        the cursor saved in file at <replaceable>PATH</replaceable>
        (<filename>/var/lib/systemd/journal-upload/state</filename> by default).
        After an entry is successfully uploaded, update this file
        with the cursor of that entry.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--follow</option><optional>=<replaceable>BOOL</replaceable></optional></term>

        <listitem><para>
          If set to yes, then <command>systemd-journal-upload</command> waits for input.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--key=</option></term>

        <listitem><para>
          Takes a path to a SSL key file in PEM format.
          Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--cert=</option></term>

        <listitem><para>
          Takes a path to a SSL certificate file in PEM format.
          Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--trust=</option></term>

        <listitem><para>
          Takes a path to a SSL CA certificate file in PEM format,
          or <option>all</option>. If <option>all</option> is set,
          then certificate checking will be disabled.
          Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
        </para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Exit status</title>

    <para>On success, 0 is returned; otherwise, a non-zero
    failure code is returned.</para>
  </refsect1>

  <refsect1>
    <title>Examples</title>
    <example>
      <title>Setting up certificates for authentication</title>

      <para>Certificates signed by a trusted authority are used to
      verify that the server to which messages are uploaded is
      legitimate, and vice versa, that the client is trusted.</para>

      <para>A suitable set of certificates can be generated with
      <command>openssl</command>. Note, 2048 bits of key length
      is minimally recommended to use for security reasons:</para>

      <programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
      -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'

cat &gt;ca.conf &lt;&lt;EOF
[ ca ]
default_ca = this

[ this ]
new_certs_dir = .
certificate = ca.pem
database = ./index
private_key = ca.key
serial = ./serial
default_days = 3650
default_md = default
policy = policy_anything

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
EOF

touch index
echo 0001 &gt;serial

SERVER=server
CLIENT=client

openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem

openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
</programlisting>

      <para>Generated files <filename>ca.pem</filename>,
      <filename>server.pem</filename>, and
      <filename>server.key</filename> should be installed on server,
      and <filename>ca.pem</filename>,
      <filename>client.pem</filename>, and
      <filename>client.key</filename> on the client. The location of
      those files can be specified using
      <varname>TrustedCertificateFile=</varname>,
      <varname>ServerCertificateFile=</varname>,
      <varname>ServerKeyFile=</varname>, in
      <filename>/etc/systemd/journal-remote.conf</filename> and
      <filename>/etc/systemd/journal-upload.conf</filename>,
      respectively. The default locations can be queried by using
      <command>systemd-journal-remote --help</command> and
      <command>systemd-journal-upload --help</command>.</para>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journal-remote.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
Commit	Line	Data
514094f9	1	<?xml version='1.0'?>
3a54a157 ZJS	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3a54a157 ZJS	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
3db93b3f YW	4	<!ENTITY % entities SYSTEM "custom-entities.ent" >
	5	%entities;
	6	]>
0307f791	7	<!-- SPDX-License-Identifier: LGPL-2.1+ -->
330427e2 ZJS	8
	9	<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
	10	xmlns:xi="http://www.w3.org/2001/XInclude">
	11
	12	<refentryinfo>
1f416853	13	<title>systemd-journal-upload.service</title>
330427e2	14	<productname>systemd</productname>
330427e2 ZJS	15	</refentryinfo>
	16
	17	<refmeta>
1f416853	18	<refentrytitle>systemd-journal-upload.service</refentrytitle>
330427e2 ZJS	19	<manvolnum>8</manvolnum>
	20	</refmeta>
	21
	22	<refnamediv>
1f416853	23	<refname>systemd-journal-upload.service</refname>
330427e2 ZJS	24	<refname>systemd-journal-upload</refname>
	25	<refpurpose>Send journal messages over the network</refpurpose>
	26	</refnamediv>
	27
	28	<refsynopsisdiv>
1f416853	29	<para><filename>systemd-journal-upload.service</filename></para>
330427e2	30	<cmdsynopsis>
1f416853	31	<command>/usr/lib/systemd/systemd-journal-upload</command>
330427e2 ZJS	32	<arg choice="opt" rep="repeat">OPTIONS</arg>
	33	<arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
	34	<arg choice="opt" rep="repeat">SOURCES</arg>
	35	</cmdsynopsis>
	36	</refsynopsisdiv>
	37
	38	<refsect1>
	39	<title>Description</title>
	40
c643653e	41	<para><command>systemd-journal-upload</command> will upload journal entries to the URL specified
492cb509	42	with <option>--url=</option>. This program reads journal entries from one or more journal files,
c643653e ZJS	43	similarly to
	44	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	45	Unless limited by one of the options specified below, all journal entries accessible to the user
	46	the program is running as will be uploaded, and then the program will wait and send new entries
	47	as they become available.</para>
0b063391 ZJS	48
	49	<para><filename>systemd-journal-upload.service</filename> is a system service that uses
	50	<command>systemd-journal-upload</command> to upload journal entries to a server. It uses the
	51	configuration in
	52	<citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
	53	At least the <varname>URL=</varname> option must be specified.</para>
330427e2 ZJS	54	</refsect1>
	55
	56	<refsect1>
	57	<title>Options</title>
	58
	59	<variablelist>
	60	<varlistentry>
	61	<term><option>-u</option></term>
767f565f YW	62	<term><option>--url=<optional>https://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
767f565f YW	63	<term><option>--url=<optional>http://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
330427e2 ZJS	64
	65	<listitem><para>Upload to the specified
	66	address. <replaceable>URL</replaceable> may specify either
	67	just the hostname or both the protocol and
	68	hostname. <constant>https</constant> is the default.
767f565f YW	69	The port number may be specified after a colon (<literal>:</literal>),
767f565f YW	70	otherwise <constant>19532</constant> will be used by default.
330427e2 ZJS	71	</para></listitem>
	72	</varlistentry>
	73
	74	<varlistentry>
	75	<term><option>--system</option></term>
	76	<term><option>--user</option></term>
	77
	78	<listitem><para>Limit uploaded entries to entries from system
	79	services and the kernel, or to entries from services of
	80	current user. This has the same meaning as
	81	<option>--system</option> and <option>--user</option> options
	82	for
	83	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
	84	neither is specified, all accessible entries are uploaded.
	85	</para></listitem>
	86	</varlistentry>
	87
	88	<varlistentry>
	89	<term><option>-m</option></term>
	90	<term><option>--merge</option></term>
	91
	92	<listitem><para>Upload entries interleaved from all available
	93	journals, including other machines. This has the same meaning
	94	as <option>--merge</option> option for
	95	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
	96	</varlistentry>
	97
	98	<varlistentry>
	99	<term><option>-D</option></term>
	100	<term><option>--directory=<replaceable>DIR</replaceable></option></term>
	101
	102	<listitem><para>Takes a directory path as argument. Upload
	103	entries from the specified journal directory
	104	<replaceable>DIR</replaceable> instead of the default runtime
	105	and system journal paths. This has the same meaning as
492cb509	106	<option>--directory=</option> option for
330427e2 ZJS	107	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	108	</para></listitem>
	109	</varlistentry>
	110
	111	<varlistentry>
	112	<term><option>--file=<replaceable>GLOB</replaceable></option></term>
	113
	114	<listitem><para>Takes a file glob as an argument. Upload
	115	entries from the specified journal files matching
	116	<replaceable>GLOB</replaceable> instead of the default runtime
	117	and system journal paths. May be specified multiple times, in
	118	which case files will be suitably interleaved. This has the same meaning as
492cb509	119	<option>--file=</option> option for
330427e2 ZJS	120	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	121	</para></listitem>
	122	</varlistentry>
	123
	124	<varlistentry>
	125	<term><option>--cursor=</option></term>
	126
	127	<listitem><para>Upload entries from the location in the
	128	journal specified by the passed cursor. This has the same
492cb509	129	meaning as <option>--cursor=</option> option for
330427e2 ZJS	130	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
	131	</varlistentry>
	132
	133	<varlistentry>
	134	<term><option>--after-cursor=</option></term>
	135
	136	<listitem><para>Upload entries from the location in the
	137	journal <emphasis>after</emphasis> the location specified by
	138	the this cursor. This has the same meaning as
492cb509	139	<option>--after-cursor=</option> option for
330427e2 ZJS	140	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	141	</para></listitem>
	142	</varlistentry>
	143
330427e2 ZJS	144	<varlistentry>
	145	<term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>
	146
	147	<listitem><para>Upload entries from the location in the
	148	journal <emphasis>after</emphasis> the location specified by
	149	the cursor saved in file at <replaceable>PATH</replaceable>
	150	(<filename>/var/lib/systemd/journal-upload/state</filename> by default).
	151	After an entry is successfully uploaded, update this file
	152	with the cursor of that entry.
	153	</para></listitem>
	154	</varlistentry>
	155
3db93b3f YW	156	<varlistentry>
	157	<term><option>--follow</option><optional>=<replaceable>BOOL</replaceable></optional></term>
	158
	159	<listitem><para>
	160	If set to yes, then <command>systemd-journal-upload</command> waits for input.
	161	</para></listitem>
	162	</varlistentry>
	163
	164	<varlistentry>
	165	<term><option>--key=</option></term>
	166
	167	<listitem><para>
	168	Takes a path to a SSL key file in PEM format.
	169	Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
	170	</para></listitem>
	171	</varlistentry>
	172
	173	<varlistentry>
	174	<term><option>--cert=</option></term>
	175
	176	<listitem><para>
	177	Takes a path to a SSL certificate file in PEM format.
	178	Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
	179	</para></listitem>
	180	</varlistentry>
	181
	182	<varlistentry>
	183	<term><option>--trust=</option></term>
	184
	185	<listitem><para>
	186	Takes a path to a SSL CA certificate file in PEM format,
	187	or <option>all</option>. If <option>all</option> is set,
	188	then certificate checking will be disabled.
	189	Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
	190	</para></listitem>
	191	</varlistentry>
	192
330427e2 ZJS	193	<xi:include href="standard-options.xml" xpointer="help" />
	194	<xi:include href="standard-options.xml" xpointer="version" />
	195	</variablelist>
	196	</refsect1>
	197
	198	<refsect1>
	199	<title>Exit status</title>
	200
	201	<para>On success, 0 is returned; otherwise, a non-zero
	202	failure code is returned.</para>
	203	</refsect1>
	204
99a1ab10 ZJS	205	<refsect1>
	206	<title>Examples</title>
	207	<example>
	208	<title>Setting up certificates for authentication</title>
	209
	210	<para>Certificates signed by a trusted authority are used to
	211	verify that the server to which messages are uploaded is
	212	legitimate, and vice versa, that the client is trusted.</para>
	213
	214	<para>A suitable set of certificates can be generated with
b5340a29	215	<command>openssl</command>. Note, 2048 bits of key length
32f511ec	216	is minimally recommended to use for security reasons:</para>
99a1ab10 ZJS	217
	218	<programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
	219	-out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
	220
b938cb90	221	cat >ca.conf <<EOF
99a1ab10 ZJS	222	[ ca ]
	223	default_ca = this
	224
	225	[ this ]
	226	new_certs_dir = .
	227	certificate = ca.pem
	228	database = ./index
	229	private_key = ca.key
	230	serial = ./serial
	231	default_days = 3650
	232	default_md = default
	233	policy = policy_anything
	234
	235	[ policy_anything ]
	236	countryName = optional
	237	stateOrProvinceName = optional
	238	localityName = optional
	239	organizationName = optional
	240	organizationalUnitName = optional
	241	commonName = supplied
	242	emailAddress = optional
	243	EOF
	244
	245	touch index
b938cb90	246	echo 0001 >serial
99a1ab10 ZJS	247
	248	SERVER=server
	249	CLIENT=client
	250
562b65ca	251	openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
99a1ab10 ZJS	252	openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
99a1ab10 ZJS	253
562b65ca	254	openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
99a1ab10 ZJS	255	openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
	256	</programlisting>
	257
	258	<para>Generated files <filename>ca.pem</filename>,
	259	<filename>server.pem</filename>, and
	260	<filename>server.key</filename> should be installed on server,
	261	and <filename>ca.pem</filename>,
	262	<filename>client.pem</filename>, and
	263	<filename>client.key</filename> on the client. The location of
	264	those files can be specified using
	265	<varname>TrustedCertificateFile=</varname>,
	266	<varname>ServerCertificateFile=</varname>,
	267	<varname>ServerKeyFile=</varname>, in
12b42c76	268	<filename>/etc/systemd/journal-remote.conf</filename> and
b938cb90	269	<filename>/etc/systemd/journal-upload.conf</filename>,
99a1ab10 ZJS	270	respectively. The default locations can be queried by using
	271	<command>systemd-journal-remote --help</command> and
	272	<command>systemd-journal-upload --help</command>.</para>
	273	</example>
	274	</refsect1>
	275
330427e2 ZJS	276	<refsect1>
	277	<title>See Also</title>
	278	<para>
3eff246a	279	<citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1f416853	280	<citerefentry><refentrytitle>systemd-journal-remote.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
330427e2 ZJS	281	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	282	<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
	283	<citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	284	</para>
	285	</refsect1>
	286	</refentry>